Описание
Leantime allows Stored Cross-Site Scripting (XSS)
Summary
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
Details
A Stored Cross-Site Scripting (XSS) vulnerability was found that could potentially compromise user data and pose a significant security risk to the platform.
PoC
- Create a project
- Navigate to project
- Visit to the integration
- Add malicious payload inside the webhook and save it.
- Notice the alert dialogue indicating successful execution of the XSS payload.
POC
Impact
This XSS vulnerability allows an attacker to execute malicious scripts in the context of a victim's browser when they click on a specially crafted link. This could lead to various malicious activities, including session hijacking, stealing sensitive information such as cookies or login credentials, and potentially compromising the entire platform's security.
Пакеты
leantime/leantime
<= 3.1.4
Отсутствует
5.9 Medium
CVSS4
Дефекты
5.9 Medium
CVSS4